CVSS: 5.8EPSS: 0%CPEs: 127EXPL: 0CVE-2020-2800 – OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825)
https://notcve.org/view.php?id=CVE-2020-2800
15 Apr 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessibl... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 4.3EPSS: 0%CPEs: 138EXPL: 0CVE-2020-2773 – OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415)
https://notcve.org/view.php?id=CVE-2020-2773
15 Apr 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html • CWE-248: Uncaught Exception •
CVSS: 4.3EPSS: 0%CPEs: 136EXPL: 0CVE-2020-2757 – OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549)
https://notcve.org/view.php?id=CVE-2020-2757
15 Apr 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html • CWE-248: Uncaught Exception CWE-502: Deserialization of Untrusted Data CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 4.3EPSS: 0%CPEs: 135EXPL: 0CVE-2020-2756 – OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541)
https://notcve.org/view.php?id=CVE-2020-2756
15 Apr 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html • CWE-248: Uncaught Exception CWE-502: Deserialization of Untrusted Data CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 4.3EPSS: 0%CPEs: 126EXPL: 0CVE-2020-2754 – OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898)
https://notcve.org/view.php?id=CVE-2020-2754
15 Apr 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Appl... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html • CWE-248: Uncaught Exception •
CVSS: 4.3EPSS: 0%CPEs: 134EXPL: 0CVE-2020-2755 – OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904)
https://notcve.org/view.php?id=CVE-2020-2755
15 Apr 2020 — Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Appl... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html • CWE-248: Uncaught Exception •
CVSS: 9.3EPSS: 27%CPEs: 20EXPL: 4CVE-2020-5260 – malicious URLs may cause Git to present stored credentials to the wrong server
https://notcve.org/view.php?id=CVE-2020-5260
14 Apr 2020 — Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.examp... • https://packetstorm.news/files/id/157250 • CWE-20: Improper Input Validation CWE-522: Insufficiently Protected Credentials •
CVSS: 5.5EPSS: 0%CPEs: 45EXPL: 1CVE-2020-11758 – Debian Security Advisory 4755-1
https://notcve.org/view.php?id=CVE-2020-11758
14 Apr 2020 — An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h. Se detectó un problema en OpenEXR versiones anteriores a 2.4.1. Se presenta una lectura fuera de límites en el archivo ImfOptimizedPixelReading.h. An update that solves 7 vulnerabilities and has one errata is now available. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 41EXPL: 1CVE-2020-11759 – Debian Security Advisory 4755-1
https://notcve.org/view.php?id=CVE-2020-11759
14 Apr 2020 — An issue was discovered in OpenEXR before 2.4.1. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer. Se detectó un problema en OpenEXR versiones anteriores a 2.4.1. Debido a un desbordamientos de enteros en las funciones CompositeDeepScanLine::Data::handleDeepFrameBuffer y readSampleCountForLineBlock, un atacante puede escribir en un puntero fuera de límites. Multiple security issues were found... • https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 42EXPL: 1CVE-2020-11760 – Debian Security Advisory 4755-1
https://notcve.org/view.php?id=CVE-2020-11760
14 Apr 2020 — An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp. Se detectó un problema en OpenEXR versiones anteriores a 2.4.1. Se presenta una lectura fuera de límites durante una descompresión RLE en la función rleUncompress en el archivo ImfRle.cpp. An update that solves 7 vulnerabilities and has one errata is now available. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00051.html • CWE-125: Out-of-bounds Read •